Search CVE reports


Toggle filters

1 – 10 of 26 results


CVE-2026-39179

Medium priority
Needs evaluation

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Needs evaluation Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-39178

Medium priority
Needs evaluation

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Needs evaluation Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-8851

Medium priority

Some fixes available 4 of 5

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries...

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-46446

Medium priority

Some fixes available 4 of 5

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-46445

Medium priority

Some fixes available 4 of 5

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-8496

Medium priority

Some fixes available 1 of 2

A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue...

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Not affected Not affected Not affected
Show less packages

CVE-2026-33550

Medium priority

Some fixes available 2 of 4

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Not affected Not affected
Show less packages

CVE-2025-71276

Medium priority

Some fixes available 4 of 6

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-3054

Medium priority

Some fixes available 1 of 3

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Not affected Not affected Not affected
Show less packages

CVE-2025-63499

Medium priority

Some fixes available 3 of 6

Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Not affected Not in release Fixed Fixed Fixed
Show less packages